Towards Cloud Security Monitoring: A Case Study

Book chapter

Ismail, Umar Mukhtar, Islam, S. and Islam, S. 2016. Towards Cloud Security Monitoring: A Case Study. in: 2016 Cybersecurity and Cyberforensics Conference (CCC) IEEE.
AuthorsIsmail, Umar Mukhtar, Islam, S. and Islam, S.
Abstract

Cloud computing has become the norm in the provisioning of computing resources due to its flexible and proven reliability. Businesses perceive cloud services as a trend that presents enormous possibilities both in economic and technical terms. The growth in cloud services have also increased bottlenecks and security risks to business assets. Cloud security monitoring has remained relatively unexplored in security terms, a factor that has led businesses to be oblivious on the metrics to capture and the appropriate techniques to use. In this paper, we explore security monitoring in terms of tracking specific user requirements based on a case study. We identify various security tools that are practically relevant for addressing the requirements, and devise selection criteria for choosing the best tools. We present an evaluation of the tools and present a ranking for the tools that meet the particular requirements of the case study. The effort in this paper broadens the notion of cloud security monitoring and provides a methodical practical approach to solving a security related issue.

KeywordsCloud computing; Monitoring; Security monitoring; Hardware; Computer architecture
Book title2016 Cybersecurity and Cyberforensics Conference (CCC)
Year2016
PublisherIEEE
Publication dates
Print20 Oct 2016
Publication process dates
Deposited15 Feb 2017
Event2015 Cybersecurity and Cyberforensics Conference (CCC)
ISBN978-1-5090-2658-6
978-1-5090-2657-9
Digital Object Identifier (DOI)https://doi.org/10.1109/CCC.2016.8
Additional information

© 2016 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Accepted author manuscript
Permalink -

https://repository.uel.ac.uk/item/84z01

Log in to edit

Download files

  • 179
    total views
  • 269
    total downloads
  • 1
    views this month
  • 2
    downloads this month

Export as

Related outputs

Asset Criticality and Risk Prediction for an Effective Cyber Security Risk Management of Cyber Physical System
Kure, H. I., Islam, S., Ghazanfar, M., Raza, A. and Pasha, M. 2021. Asset Criticality and Risk Prediction for an Effective Cyber Security Risk Management of Cyber Physical System. Neural Computing and Applications. 34, p. 493–514. https://doi.org/10.1007/s00521-021-06400-0
Cyber Threat Predictive Analytics for Improving Cyber Supply Chain Security
Yeboah-Ofori, A., Islam, S., Lee, S. W., Shamszaman, Z. U., Muhammad, K., Altaf, M. and Al-Rakhami, M. S. 2021. Cyber Threat Predictive Analytics for Improving Cyber Supply Chain Security. IEEE Access. 9, pp. 94318-94337. https://doi.org/10.1109/ACCESS.2021.3087109
Semantic-Based Process Mining Technique for Annotation and Modelling of Domain Processes
Okoye, K., Islam, S., Naeem, U. and Sharif, S. 2020. Semantic-Based Process Mining Technique for Annotation and Modelling of Domain Processes. International Journal of Innovative Computing, Information and Control. 16 (3), pp. 899-921. https://doi.org/10.24507/ijicic.16.03.899
An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System
Kure, H., Islam, S. and Razzaque, Mohammad 2018. An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System. Applied Sciences. 8 (6), p. Art. 898. https://doi.org/10.3390/app8060898
E-Government Maturity Model for Sustainable E-Government Services from the Perspective of Developing Countries
Joshi, P. and Islam, S. 2018. E-Government Maturity Model for Sustainable E-Government Services from the Perspective of Developing Countries. Sustainability. 10 (6), p. Art. 1882. https://doi.org/10.3390/su10061882
Assets focus risk management framework for critical infrastructure cybersecurity risk management
Kure, H. and Islam, S. 2019. Assets focus risk management framework for critical infrastructure cybersecurity risk management. IET Cyber-Physical Systems. 4 (4), pp. 332-340. https://doi.org/10.1049/iet-cps.2018.5079
Cyber Threat Intelligence for Improving Cybersecurity and Risk Management in Critical Infrastructure
Kure, H. and Islam, S. 2019. Cyber Threat Intelligence for Improving Cybersecurity and Risk Management in Critical Infrastructure. Journal of Universal Computer Science. 25 (11), pp. 1478-1502.
A Dynamic Access Control Model Using Authorising Workflow and Task-Role-Based Access Control
Uddin, M., Islam, S. and Al-Nemrat, A. 2019. A Dynamic Access Control Model Using Authorising Workflow and Task-Role-Based Access Control. IEEE Access. 7 (Art. 166676). https://doi.org/10.1109/ACCESS.2019.2947377
Improving Student Engagement and Performance in Computing Final Year Projects
Naeem, U., Islam, S. and Siddiqui, A. 2019. Improving Student Engagement and Performance in Computing Final Year Projects. IEEE TALE 2019. Yogyakarta - Indonesia 10 - 13 Oct 2019 IEEE. https://doi.org/10.1109/TALE48000.2019.9225860
Cyber Security Threat Modeling for Supply Chain Organizational Environments
Yeboah-Ofori, A. and Islam, S. 2019. Cyber Security Threat Modeling for Supply Chain Organizational Environments. Future Internet. 11 (3), p. Art. 63. https://doi.org/10.3390/fi11030063
Functional Connectivity Evaluation for Infant EEG Signals based on Artificial Neural Network
Sharif, M., Naeem, U., Islam, S. and Karami, A. 2018. Functional Connectivity Evaluation for Infant EEG Signals based on Artificial Neural Network. Arai, Kohei, Kapoor, Supriya and Bhatia, Rahul (ed.) Intelligent Systems Conference (IntelliSys) 2018. London, UK 06 - 07 Sep 2018 Springer, Cham. https://doi.org/10.1007/978-3-030-01057-7_34
The Application of a Semantic-Based Process Mining Framework on a Learning Process Domain
Okoye, Kingsley, Islam, S., Naeem, U., Sharif, M., Azam, Muhammad Awais and Karami, A. 2018. The Application of a Semantic-Based Process Mining Framework on a Learning Process Domain. Arai, Kohei, Kapoor, Supriya and Bhatia, Rahul (ed.) Intelligent Systems Conference (IntelliSys) 2018. London, UK 06 - 07 Sep 2018 Springer, Cham. https://doi.org/10.1007/978-3-030-01054-6_96
Authentication of Smartphone Users Based on Activity Recognition and Mobile Sensing
Ehatisham-ul-Haq, Muhammad, Azam, Muhammad Awais, Loo, Jonathan, Shuang, Kai, Islam, S., Naeem, U. and Amin, Yasar 2017. Authentication of Smartphone Users Based on Activity Recognition and Mobile Sensing. Sensors. 17 (9), p. 2043. https://doi.org/10.3390/s17092043
Taskification – Gamification of Tasks
Naeem, U., Islam, S., Sharif, M., Sudakov, Sergey and Azam, Awais 2017. Taskification – Gamification of Tasks. in: Proceedings of the 2017 ACM International Joint Conference on Pervasive and Ubiquitous Computing and Proceedings of the 2017 ACM International Symposium on Wearable Computers Association for Computing Machinery (ACM). pp. 631-634
SignalSense - Towards Quality Service
Islam, S., Sharif, M., Naeem, U. and Geehan, James 2017. SignalSense - Towards Quality Service. in: Proceedings of the 2017 ACM International Joint Conference on Pervasive and Ubiquitous Computing and Proceedings of the 2017 ACM International Symposium on Wearable Computers Association for Computing Machinery (ACM). pp. 627-630
CrimeSafe - Helping you stay safe
Islam, S., Naeem, U., Sharif, M. and Dovnarovic, Arnold 2017. CrimeSafe - Helping you stay safe. in: Proceedings of the 2017 ACM International Joint Conference on Pervasive and Ubiquitous Computing and Proceedings of the 2017 ACM International Symposium on Wearable Computers Association for Computing Machinery (ACM). pp. 642-645
Managing Social Engineering Attacks- Considering Human Factors and Security Investment
Alavi, R., Islam, S., Mouratidis, Haralambos and Lee, Sin Wee 2015. Managing Social Engineering Attacks- Considering Human Factors and Security Investment. in: Clarke, Nathan and Furnell, Steven (ed.) Proceedings of the Ninth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015) Plymouth University. pp. 161-171
Agile Changes of Security Landscape: A Human Factors and Security Investment View
Alavi, R. and Islam, S. 2016. Agile Changes of Security Landscape: A Human Factors and Security Investment View. in: Clarke, Nathan and Furnell, Steven (ed.) Proceedings of the Tenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2016) Plymouth University.
Using semantic-based approach to manage perspectives of process mining: Application on improving learning process domain data
Kingsley, Okoye, Tawil, Abdel-Rahman H., Naeem, U., Islam, S. and Lamine, Elyes 2017. Using semantic-based approach to manage perspectives of process mining: Application on improving learning process domain data. in: 2016 IEEE International Conference on Big Data (Big Data) IEEE. pp. 3529-3538
A Decision Framework Model for Migration into Cloud: Business, Application, Security and Privacy Perspectives
Islam, S., Weippl, Edgar R. and Krombholz, Katharina 2014. A Decision Framework Model for Migration into Cloud: Business, Application, Security and Privacy Perspectives. in: Proceedings of the 16th International Conference on Information Integration and Web-based Applications & Services New York, NY, USA Association for Computing Machinery (ACM). pp. 185-189
Sustainability forecast for cloud migration
Rahman, Alifah Aida Lope Abdul and Islam, S. 2015. Sustainability forecast for cloud migration. in: IEEE 9th International Symposium on the Maintenance and Evolution of Service-Oriented and Cloud-Based Environments (MESOCA) IEEE. pp. 31-35
Cloud Security Audit for Migration and Continuous Monitoring
Ismail, Umar Mukhtar, Islam, S. and Mouratidis, Haralambos 2015. Cloud Security Audit for Migration and Continuous Monitoring. in: 2015 IEEE Trustcom/BigDataSE/ISPA IEEE.
Dependence Cluster Visualization
Islam, S., Krinke, Jens and Binkley, David 2010. Dependence Cluster Visualization. in: Proceedings of the 5th international symposium on Software visualization New York, NY, USA Association for Computing Machinery (ACM). pp. 93-102
Less is more: Temporal fault predictive performance over multiple Hadoop releases
Harman, Mark, Islam, S., Jia, Yue, Minku, Leandro L., Sarro, Federica and Srivisut, Komsan 2014. Less is more: Temporal fault predictive performance over multiple Hadoop releases. in: Goues, Claire Le and Yoo, Shin (ed.) Search-Based Software Engineering Springer International Publishing.
ORBS: Language-Independent Program Slicing
Binkley, David, Gold, Nicolas, Harman, Mark, Islam, S., Krinke, Jens and Yoo, Shin 2014. ORBS: Language-Independent Program Slicing. in: Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering New York, NY, USA Association for Computing Machinery (ACM). pp. 109-120
Jolinar: Analysing the Energy Footprint of Software Applications (demo)
Noureddine, A., Islam, S. and Bashroush, R. 2016. Jolinar: Analysing the Energy Footprint of Software Applications (demo). in: Proceedings of the 25th International Symposium on Software Testing and Analysis New York, NY, USA Association for Computing Machinery (ACM). pp. 445-448
Semantic-Based Model Analysis Towards Enhancing Information Values of Process Mining: Case Study of Learning Process Domain
Okoye, Kingsley, Tawila, Abdel-Rahman H., Naeem, U., Islam, S. and Lamine, Elyes 2017. Semantic-Based Model Analysis Towards Enhancing Information Values of Process Mining: Case Study of Learning Process Domain. in: Abraham, Ajith, Cherukuri, Aswani Kumar, Madureira, Ana Maria and Muda, Azah Kamilah (ed.) Proceedings of the Eighth International Conference on Soft Computing and Pattern Recognition (SoCPaR 2016) Springer, Cham.
Assessing the impact of global variables on program dependence and dependence clusters
Binkley, David, Harman, Mark, Hassoun, Youssef, Islam, S. and Li, Zheng 2009. Assessing the impact of global variables on program dependence and dependence clusters. Journal of Systems and Software. 83 (1), pp. 96-107. https://doi.org/10.1016/j.jss.2009.03.038
Requirements for the formal representation of pathophysiology mechanisms by clinicians
de Bono, B., Helvensteijn, M., Kokash, N., Martorelli, I., Sarwar, D., Islam, S., Grenon, P. and Hunter, P. 2016. Requirements for the formal representation of pathophysiology mechanisms by clinicians. Interface Focus. 6 (2), p. 20150075. https://doi.org/10.1098/rsfs.2015.0099
An empirical study on dependence clusters for effort-aware fault-proneness prediction
Yang, Yibiao, Harman, Mark, Krinke, Jens, Islam, S., Binkley, David, Zhou, Yuming and Xu, Baowen 2016. An empirical study on dependence clusters for effort-aware fault-proneness prediction. in: Lo, David, Apel, Sven and Khurshid, Sarfraz (ed.) ASE’16 Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering IEEE/ACM. pp. 296-307
Measuring sustainability for an effective Information System audit from public organization perspective
Lope Abdul Rahman, Alifah Aida, Islam, S. and Al-Nemrat, A. 2015. Measuring sustainability for an effective Information System audit from public organization perspective. in: Research Challenges in Information Science (RCIS), 2015 IEEE 9th International Conference on IEEE. pp. 42-51
A framework to support selection of cloud providers based on security and privacy requirements
Mouratidis, Haralambos, Islam, S., Kalloniatis, Christos and Gritzalis, Stefanos 2013. A framework to support selection of cloud providers based on security and privacy requirements. Journal of Systems and Software. 86 (9), pp. 2276-2293.
Evaluating cloud deployment scenarios based on security and privacy requirements
Kalloniatis, Christos, Mouratidis, Haralambos and Islam, S. 2013. Evaluating cloud deployment scenarios based on security and privacy requirements. Requirements Engineering. 18 (4), pp. 299-319. https://doi.org/10.1007/s00766-013-0166-7
Towards the design of secure and privacy-oriented Information systems in the cloud: Identifying the major concepts
Kalloniatis, Christos, Mouratidis, Haralambos, Vassilis, Manousakis, Islam, S., Gritzalis, Stefanos and Kavakli, Evangelia 2013. Towards the design of secure and privacy-oriented Information systems in the cloud: Identifying the major concepts. Computer Standards and Interfaces. 36 (4), pp. 759-775. https://doi.org/10.1016/j.csi.2013.12.010
An information security risk-driven investment model for analysing human factors
Alavi, R., Islam, S. and Mouratidis, Haralambos 2016. An information security risk-driven investment model for analysing human factors. Information and Computer Security. 24 (2), pp. 205-227.
A Risk Management Framework for Cloud Migration Decision Support
Islam, S., Fenz, Stefan, Weippl, Edgar and Mouratidis, Haralambos 2017. A Risk Management Framework for Cloud Migration Decision Support. Journal of Risk and Financial Management. 10 (2), p. 10. https://doi.org/10.3390/jrfm10020010
gUML: Reasoning about Energy at Design Time by Extending UML Deployment Diagrams with Data Centre Contextual Information
Jebraeil, Nigar, Noureddine, A., Doyle, J., Islam, S. and Bashroush, R. 2017. gUML: Reasoning about Energy at Design Time by Extending UML Deployment Diagrams with Data Centre Contextual Information. in: 2017 IEEE World Congress on Services (SERVICES) IEEE. pp. In Press
Cloud Strife: Expanding the Horizons of Cloud Gaming Services
Doyle, J., Islam, S., Bashroush, R. and O'Mahony, Donal 2017. Cloud Strife: Expanding the Horizons of Cloud Gaming Services. in: 2017 IEEE World Congress on Services (SERVICES) IEEE.
A Framework for Security Transparency in Cloud Computing
Ismail, U., Islam, S., Ouedraogo, Moussa and Weippl, Edgar 2016. A Framework for Security Transparency in Cloud Computing. Future Internet. 8 (1), p. 5.
Measuring energy footprint of software features
Islam, S., Noureddine, A. and Bashroush, Rabih 2016. Measuring energy footprint of software features. in: 2016 IEEE 24th International Conference on Program Comprehension (ICPC) IEEE.
PORBS: A parallel observation-based slicer
Islam, S. and Binkley, David 2016. PORBS: A parallel observation-based slicer. in: 2016 IEEE 24th International Conference on Program Comprehension (ICPC) IEEE.
Efficient Identification of Linchpin Vertices in Dependence Clusters
Binkley, David, Gold, Nicolas, Harman, Mark, Islam, S., Krinke, Jens and Li, Zheng 2013. Efficient Identification of Linchpin Vertices in Dependence Clusters. ACM Transactions on Programming Languages and Systems. 35 (2), pp. 1-35.
ORBS and the limits of static slicing
Binkley, David, Gold, Nicolas, Harman, Mark, Islam, S., Krinke, Jens and Yoo, Shin 2015. ORBS and the limits of static slicing. in: 2015 IEEE 15th International Working Conference on Source Code Analysis and Manipulation (SCAM) IEEE. pp. 1-10
Migration goals and risk management in cloud computing: A review of state of the art and survey results on practitioners
Islam, S., Fenz, Stefan, Weippl, Edgar and Kalloniatis, Christos 2016. Migration goals and risk management in cloud computing: A review of state of the art and survey results on practitioners. International Journal of Secure Software Engineering. 7 (3), pp. 44-73. https://doi.org/10.4018/IJSSE.2016070103
Coherent clusters in source code
Islam, S., Krinke, Jens, Binkley, David and Harman, Mark 2013. Coherent clusters in source code. Journal of Systems and Software. 88, pp. 1-24.
Uncovering Dependence Clusters and Linchpin Functions
Binkley, David, Beszédes, Árpád, Islam, S., Jász, Judit and Vancsics, Béla 2015. Uncovering Dependence Clusters and Linchpin Functions. in: 2015 IEEE 31st International Conference on Software Maintenance and Evolution (ICSME) IEEE. pp. 141-150
Assurance of security and privacy requirements for cloud deployment models
Islam, S., Ouedraogo, M., Kalloniatis, C., Mouratidis, H. and Gritzalis, S. 2015. Assurance of security and privacy requirements for cloud deployment models. IEEE Transactions on Cloud Computing. 6, pp. 387-400. https://doi.org/10.1109/TCC.2015.2511719
An empirical study on the implementation and evaluation of a goal-driven software development risk management model
Islam, S., Mouratidis, Haralambos and Weippl, Edgar R. 2013. An empirical study on the implementation and evaluation of a goal-driven software development risk management model. Information and Software Technology. 56 (2), pp. 117-133. https://doi.org/10.1016/j.infsof.2013.06.003
Human Factors in Software Security Risk Management
Islam, S. 2008. Human Factors in Software Security Risk Management. in: Proceedings of the first international workshop on Leadership and management in software architecture Association for Computing Machinery (ACM). pp. 13-16
Software Development Risk Management Model – A Goal Driven Approach
Islam, S. 2009. Software Development Risk Management Model – A Goal Driven Approach. ESEC/FSE'09 Joint 12th European Software Engineering Conference (ESEC) and 17th ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE-17). Amsterdam, The Netherlands 24 - 28 Aug 2009 Association for Computing Machinery (ACM).
Offshore-Outsourced Software Development Risk Management Model
Islam, S. 2009. Offshore-Outsourced Software Development Risk Management Model. pp. 514-519
Goal and Risk Factors in Offshore Outsourced Software Development From Vendor's Viewpoint
Islam, S. 2009. Goal and Risk Factors in Offshore Outsourced Software Development From Vendor's Viewpoint. 4th IEEE International Conference on Global Software Engineering. Limerick, Ireland 13 - 16 Jul 2009
Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec
Islam, S. 2009. Eliciting Security Requirements and Tracing them to Design: An Integration of Common Criteria, Heuristics, and UMLsec. Requirements Engineering Journal. 15 (1), pp. 63-93.
Towards a Framework to Elicit and Manage Security and Privacy Requirements from Laws and Regulations
Islam, S., Mouratidis, Haralambos and Wager, Stefan 2010. Towards a Framework to Elicit and Manage Security and Privacy Requirements from Laws and Regulations. in: Wieringa, Roel and Persson, Anne (ed.) Requirements Engineering: Foundation for Software Quality Springer.
A Framework to Support Alignment of Secure Software Engineering with Legal Regulations
Islam, S. and Mouratidis, Haralambos 2010. A Framework to Support Alignment of Secure Software Engineering with Legal Regulations. Software and Systems Modeling. 10 (3), pp. 369-394.
Integrating Risk Management Activities into Requirements Engineering
Islam, S. 2010. Integrating Risk Management Activities into Requirements Engineering. Fourth International Conference on Research Challenges in Information Science (RCIS), pp. 299-310
Measuring Security Requirements for Software Security
Islam, S. and Falcarin, P. 2011. Measuring Security Requirements for Software Security. IEEE 10th International Conference on Cybernetic Intelligent Systems (CIS). London 01 - 02 Sep 2011
Towards a Framework for Offshore Outsource Software Development Risk Management Model
Islam, S. 2011. Towards a Framework for Offshore Outsource Software Development Risk Management Model. Journal of Software. 6 (1), pp. 38-47.
Supporting Requirements Engineers in Recognising Security Issues
Islam, S. 2011. Supporting Requirements Engineers in Recognising Security Issues. in: Lecture Notes in Computer Science Springer.
Enhancing Security Requirements Engineering by Organisational Learning
Islam, S. 2012. Enhancing Security Requirements Engineering by Organisational Learning. Requirements Engineering Journal. 17 (1), pp. 35-36.
A CASE tool to support automated modelling and analysis of security requirements
Pavlidis, M., Islam, S. and Mouratidis, H. 2012. A CASE tool to support automated modelling and analysis of security requirements. in: Nurcan, S. (ed.) IS Olympics: Information Systems in a Diverse World Springer. pp. 95-109